Risk Based Security (RBS) - VulnDB is now used as the primary CVE source for language libraries and CentOS - The RBS vulnerability feed is used in host and container vulnerability assessments (for agent, agentless, and scanner integrations).
Batch policy updates from the UI - You can now perform batch operations on policies, with the ability to enable, disable, or download multiple selected policies at once. Previously, you needed to enable or disable policies individually. See Batch Update Policies for more information.
Container Vulnerability now has Buildtime and Runtime views - The Container Vulnerability page is now split into two separate tabs: Buildtime (images found in CI/CD workflows) and Runtime (active container images).
Additional filters have also been added to the Container and Host Vulnerability pages.
Vulnerabilities found on inactive host kernels are automatically marked as exceptions - Inactive kernel packages are marked as exceptions during host evaluations. This can be seen when viewing the Vulnerability Status column for host assessments (CVE tab).
Multi-architecture container images are now supported by the Platform Scanner - See Multi-Architecture Image Support for details.
Attack path analysis - Lacework introduces new capabilities for cloud attack path analysis. The Lacework Polygraph® Data Platform leverages your cloud environment data and correlates multiple risk factors to generate Exposure Polygraphs that illustrate possible exposure paths.
Internet exposure filter added for host vulnerability - The Internet exposure filter lets you display only hosts that have been determined to be exposed to the internet during the latest agentless assessment. Other filter values include No (host is not exposed to the internet) and Unknown (status could not be determined).
Internet exposure impacts host vulnerability risk score calculation - The refactored host vulnerability risk score calculation more clearly distributes severities by actionability and adds internet exposure as a key score factor.
Internet exposure filter and tag added to the Alerts page.
Host alerts include a new Exposure tab - This tab provides exposure analysis for publicly accessible workloads across the network (public internet, internet gateway, security group, load balancer, EC2 instance).
After you click a host alert, the new tab appears between the Details and Investigation tabs.
The Exposure Polygraph uses nodes to depict the topology for a single host with the instance node enriched by contexts displayed in tabular format.
The host (EC2) node has associated badges that provide details about the type of risks detected, such as vulnerabilities, secrets, and compliance/misconfiguration.
Tabular data includes context such as vulnerabilities, secrets, compliance violations, and user activity.
Tabular data is also available for the configurations of the associated security group, ELB, and IAM role.
Single machine dossiers include instance ID mapping and the Exposure Polygraph sections - The information maps the machine to an instance ID and displays that instance's Exposure Polygraph.
Add AWS GovCloud support for Resource Inventory - Lacework now provides AWS GovCloud support for Resource Inventory which allows GovCloud customers to migrate to the new CSPM Compliance engine based on LPP/LQL.
New host policies - New policies detect reverse shell connections and cryptojacking artifacts. See General Policies for more information.
Support for more than 5000 rows in tables in the Agents dossier - The tables in the Agents dossier now support more than 5000 rows. The CSV file you download for a table in the Agents dossier also includes data for more than 5000 rows. The CSV files are compressed in a .gz (GNU Zipped archive) file to enable you to quickly download the file. Click Downloads in the left pane to access the CSV files you downloaded in the Agents dossier. The link to download a CSV file expires after 24 hours.